How a personality trait puts you at risk for cybercrime

Impulse online shopping, downloading music and compulsive email use are all signs of a certain personality trait that make you a target for malware attacks. New research from Michigan State University examines the behaviors – both obvious and subtle – that lead someone to fall victim to cybercrime involving Trojans, viruses, and malware.

“People who show signs of low self-control are the ones we found more susceptible to malware attacks,” said Tomas Holt, professor of criminal justice and lead author of the research. “An individual’s characteristics are critical in studying how cybercrime perseveres, particularly the person’s impulsiveness and the activities that they engage in while online that have the greatest impact on their risk.”

“Self-control is an idea that’s been looked at heavily in criminology in terms of its connection to committing crimes,” Holt said. “But we find a correlation between low self-control and victimization; people with this trait put themselves in situations where they are near others who are motivated to break the law.”

The research, published in Social Science Computer Review, assessed the self-control of nearly 6,000 survey participants, as well as their computers’ behavior that could indicate malware and infection. To measure victimization, Holt and his team asked participants a series of questions about how they might react in certain situations. For computer behavior, they asked about their computer having slower processing, crashing, unexpected pop-ups and the homepage changing on their web browser.

“The internet has omnipresent risks,” Holt said. “In an online space, there is constant opportunity for people with low self-control to get what they want, whether that is pirated movies or deals on consumer goods.”

As Holt explained, hackers and cybercriminals know that people with low self-control are the ones who will be scouring the internet for what they want – or think they want – which is how they know what sites, files or methods to attack.

Understanding the psychological side of self-control and the types of people whose computers become infected with malware – and who likely spread it to others – is critical in fighting cybercrime, Holt said. What people do online matters, and the behavioral factors at play are entirely related to risks.

Computer scientists, Holt said, approach malware prevention and education from a technical standpoint; they look for new software solutions to block infections or messaging about the infections themselves. This is important, but it is also essential to address the psychological side of messaging to those with low self-control and impulsive behaviors.

“There are human aspects of cybercrime that we don’t touch because we focus on the technical side to fix it,” he said. “But if we can understand the human side, we might find solutions that are more effective for policy and intervention.”

Looking ahead, Holt hopes to help break the silos between computer and social sciences to think holistically about fighting cybercrime.

“If we can identify risk factors, we can work in tandem with technical fields to develop strategies that then reduce the risk factors for infection,” Holt said. “It’s a pernicious issue we’re facing, so if we can attack from both fronts, we can pinpoint the risk factors and technical strategies to find solutions that improve protection for everyone.”